package com.security.oauth2.resource.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * @Author: zyn
 * @Description:
 * @Date: Created in 2019-05-22 15:15
 * @Modified By:
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {


  @Override
  public void configure(HttpSecurity http) throws Exception {

    http
        .exceptionHandling()
        .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
        .antMatchers("/").hasAuthority("System")
        .antMatchers("/view/**").hasAuthority("SystemContentView")
        .antMatchers("/insert/**").hasAuthority("SystemContentInsert")
        .antMatchers("/update/**").hasAuthority("SystemContentUpdate")
        .antMatchers("/delete/**").hasAuthority("SystemContentDelete");
  }
}
